[1559] in Kerberos-V5-bugs
krb5_make_fulladdr() overruns buffer
daemon@ATHENA.MIT.EDU (Michael Shields)
Thu Jul 20 22:53:37 1995
From: shields@tembel.org (Michael Shields)
To: krb5-bugs@MIT.EDU
Date: Fri, 21 Jul 1995 02:51:02 +0000 (GMT)
Due to a typo, krb5_make_fulladdr() overruns a buffer and can segfault.
Index: os/ChangeLog
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/os/ChangeLog,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 ChangeLog
--- ChangeLog 1995/07/18 06:23:36 1.1.1.1
+++ ChangeLog 1995/07/21 02:44:24
@@ -1,3 +1,8 @@
+Fri Jul 21 02:43:51 1995 Michael Shields <shields@tembel.org>
+
+ * mk_faddr.c (krb5_make_fulladdr): malloc(raddr->length), not
+ kaddr->length; otherwise we'll overrun and segfault.
+
Mon May 1 17:05:21 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* init_os_ctx.c (krb5_set_config_files): Added required const to
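Review bot: the new entry gives "overrun and segfault" as the consequence, which undersells the defect. The old call allocated kaddr->length bytes for a buffer whose recorded length is kaddr->length + kport->length + (4 * sizeof(krb5_int32)), so anything that fills raddr->contents up to raddr->length writes past the end of a heap allocation. A crash is only one possible outcome. Suggest wording the entry as an under-allocation of raddr->contents and stating the shortfall, so that someone scanning the ChangeLog for memory-safety fixes can find it.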
Index: os/mk_faddr.c
===================================================================
RCS file: /usr/src/master/security/kerberos/src/lib/krb5/os/mk_faddr.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 mk_faddr.c
--- mk_faddr.c 1995/07/18 06:23:37 1.1.1.1
+++ mk_faddr.c 1995/07/21 02:28:25
@@ -49,7 +49,7 @@
return EINVAL;
raddr->length = kaddr->length + kport->length + (4 * sizeof(krb5_int32));
- if (!(raddr->contents = (krb5_octet *)malloc(kaddr->length)))
+ if (!(raddr->contents = (krb5_octet *)malloc(raddr->length)))
return ENOMEM;
raddr->addrtype = ADDRTYPE_ADDRPORT;
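Review bot: the corrected malloc line now requests the right size, but raddr->length is assigned before the allocation is known to have succeeded, so the "return ENOMEM" path leaves raddr with a non-zero length and NULL contents. Consider computing the size into a local, allocating, and storing both fields only on success. The same local gives a place to check that kaddr->length + kport->length + (4 * sizeof(krb5_int32)) has not wrapped before it reaches malloc, since nothing in the visible lines bounds either length.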
--
Shields.